Hello, I have enabled the feature in SCCM for "Windows Defender Application Control". For some reason I cannot get the policy to push to any machines. Any ideas on what the issue may be would be appreciated. -Judical

I'm currently troubleshooting the logs, but because my SCCM Primary is installed on Server 2016 and SCEP doesn't install.  How do we get this to work? Here's the messages I'm getting from looking at Site Components in the Console:
Site Component Manager failed to install component SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER on server & SCEPInstall.exe returns error 0x8004ff73.

I am running SCCM on my 2016 windows server, and receive these errors in my windowsupdate.log file.  I have a WSUS service running on the SCCM server, and a GPO is defined to point to that.

I am struggling as to why I am still getting this error.  I am deploying Software Center to my AD server.  Both servers run 2016.  I followed this tutorial: https://www.windows-noob.com/forums/topic/4428-using-sccm-2012-in-a-lab-part-3-configuring-discovery-and-boundaries/.  I did notice that under software library/packages, that the cm client package failed to distribute, so not sure if that's part of this, or that's a separate problem.  I've done some research, and people have said that you failed to define the DP.   Boundary Properties: Boundary Group Properties:

Hi Everyone, We have an SCCM CB IBCM server within our DMZ serving up updates for our internet based laptop users.  Today we ran an external vulnerability scan to health check the security of our network.  The report flagged up a red mark against our IBCM server due to not using third party certificates.  "Due to using an internally generated certificate the server is unable to verify it"  or words to that effect. I'm sure I'm correct in saying that each an every client much have a unique certificate for SCCM to work, and using a third party cert would be incredibly expensive if we had to purchase 100s of them for each client. Can someone please confirm the correct usage of certificates in an IBCM scenario please.  Should we be using third party certs, or carry on using the current internal ones.  Thanks!

I have set up Store Apps on out 1709 environment and i am deploying OFFLINE apps I cannot however get the ONLINE apps to deploy from the store, I have moved the apps to the private store, assigned to myself as a test user, i have recieved the link emails from the store BUT when i follow the link i click to install and get 'There seems to be an error our end, try again later' been having same issue for a week.   can anyone help?   thanks

We updated to SCCM1806 a few weeks ago, the clients have definitely updated to the newest version, but the currently logged on user column never populates. Any ideas?  

Hi WN I trying to add a custom Global Condition to a deployment type. But cant figure out how it done. and a big error so ?? if (!(Get-CMGlobalCondition -Name "Is user is logged on"))
{
    Remove-Item "$env:temp\Is_user_is_logged_on.ps1" -ea SilentlyContinue
    Add-Content -Encoding UTF8 "$env:temp\Is_user_is_logged_on.ps1" "[bool] (Get-Process explorer –ea 0)"
    New-CMGlobalCondition -Name "Is user is logged on" -Description "Check if an user is logged on" -DeviceType Windows -DataType Boolean -ScriptLanguage PowerShell -FilePath "$env:temp\Is_user_is_logged_on.ps1"
    Remove-Item "$env:temp\Is_user_is_logged_on.ps1" -ea SilentlyContinue
} $ApplicationName = "Igor Pavlov 7-Zip 18.05 (x64 edition) 18.05.00.0 V1"
$condition = Get-CMGlobalCondition -Name "Is user is logged on"
Set-CMDeploymentType -ApplicationName "$ApplicationName" -DeploymentTypeName "_Silent" -AddRequirement "$condition.Rule" console return: Cannot convert value "[SecurityVerbs(-1)]
instance of SMS_GlobalCondition ...... ref: https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/32636506-powershell-cmdlet-for-adding-global-conditions-as anyone done this before?